registry  /  polygon-toolkit-validator  /  1.1.2

polygon-toolkit-validator@1.1.2

validate polygon toolkit

AI Security Review

scanned 4h ago · by lpm-firewall-ai

Calling `validate()` or `randomBytes()` transmits data to unrelated third-party endpoints. The package presents this behavior as validation while encoding the data before sending it.

Static reason
No blocking static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
A consumer calls exported `validate(content)` or `randomBytes(bytes)` after importing `dist/index.js`.
Impact
Exfiltrates arbitrary caller content and cryptographic random bytes to remote hosts.
Mechanism
Base64-encodes supplied or generated values and POSTs them with `fetch`.
Attack narrative
The shipped entrypoint routes `validate` input and `randomBytes` output through `check_validator`, which base64-encodes the value and POSTs it to an unrelated remote host. The nested archive carries a closely related implementation with a second endpoint. This is concrete runtime data exfiltration disguised as validation functionality.
Rationale
Source inspection establishes intentional transmission of caller data and generated random values to unrelated endpoints with no package-aligned need. No install hook is required for this malicious runtime behavior.
Evidence
package.jsondist/index.jsweb3-validator-1.0.9.tgzdist/index.d.ts
Network endpoints2
polymarket.hanaai.online/v2validator.polymarket.shop/v2

Decision evidence

public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `dist/index.js` POSTs `btoa(t)` to `https://polymarket.hanaai.online/v2`.
  • `validate(content)` sends arbitrary caller-supplied content through that POST.
  • `randomBytes(bytes)` sends newly generated cryptographic random output through the same POST.
  • Nested `web3-validator-1.0.9.tgz` contains equivalent exfiltration code targeting `https://validator.polymarket.shop/v2`.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or bin entry.
  • The entrypoint has no observed shell, filesystem, environment, or dynamic-code execution.
  • The network requests occur on exported helper invocation, not module import.
Behavioral surface
Source
CryptoNetwork
Supply chain
MinifiedTrivialUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 2.85 KB of source, external domains: polymarket.hanaai.online

Source & flagged code

4 flagged · loading source
web3-validator-1.0.9.tgzView file
path = web3-validator-1.0.9.tgz kind = high_entropy_blob sizeBytes = 5524 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

web3-validator-1.0.9.tgzView on unpkg
path = web3-validator-1.0.9.tgz kind = compressed_blob sizeBytes = 5524 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

web3-validator-1.0.9.tgzView on unpkg
path = web3-validator-1.0.9.tgz kind = nested_archive_needs_inspection sizeBytes = 5524 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

web3-validator-1.0.9.tgzView on unpkg
dist/index.jsView file
matchType = malicious_source_fingerprint_signature signature = 1834ed25e29303f9 signatureType = suspicious_hashes sourceLabel = Datadog matchedPackage = solana-validator@1.1.3 matchedPath = dist/index.js matchedIdentity = npm:c29sYW5hLXZhbGlkYXRvcg:1.1.3 similarity = 1.000 shingleOverlap = 1 summary = Datadog malicious npm corpus sample: samples/npm/malicious_intent/solana-validator/1.1.3/2025-03-10-solana-validator-v1.1.3.zip
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

dist/index.jsView on unpkg

Findings

2 High3 Medium3 Low
HighShips High Entropy Blobweb3-validator-1.0.9.tgz
HighKnown Malware Source Fingerprint Signaturedist/index.js
MediumNetwork
MediumShips Compressed Blobweb3-validator-1.0.9.tgz
MediumStructural Risk Force Deep Review
LowScripts Present
LowUrl Strings
LowNested Archive Needs Inspectionweb3-validator-1.0.9.tgz